Admiral

A piece of CAKe

I don't know about you, but I find it pretty difficult to generate realistic traffic for testing. While existing tools such as the replayfilegen, perftestsyslog or bleep are nice, I often feel they lack flexibility. That's why I decided to write my own tool. CAKe (standing for CEF Army Knife experiment) is a Python script that I define as a versatile CEF manipulation and generation tool.

CAKe can:

  • replay existing CEF events or generate partially random CEF events based on a customizable template
  • modify timestamps of your CEF events. You can decide the timestamp(s) you want to modify and 4 modes exist:
    • realtime: you define the EPS you want and the timestamps are generated to simulate realtime events
    • customtime: you define a number of events and a time period (can be something like Now-1h:Now:100). Timestamps are created to spread your events equally all over this period.
    • keeptimestamp: keep existing timestamp
    • no timestamp: remove existing timestamp
  • generate different output for your new CEF events
    • CEF files: events are simply stored in files.
    • CSV file: gives a human-readable format for CEF events
    • Syslog: CEF events can be sent to a syslog connector in TCP or UDP
    • display: CEF events are directly displayed in your terminal
  • modify CEF events content in multiple ways:
    • sanitization: it's possible to remove IPs or to randomize them. It's possible to remove CEF fields if the fieldname or the value contains a given string
    • extract: keeps only some CEF fields from a given CEF event
    • select/unselect: keeps only, or removes, CEF events containing a given pattern
    • add: adds some extra CEF fields
    • fix: a string search and replace function in the CEF event

If you are interested you can find a lot more details in the documentation. If you want to give it a try, please help yourself and have a piece of CAKe.

All your comments are more than welcome


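An added sketch (not CAKe's code and not from the original post) of two operations listed in the first post: customtime-style even spreading of timestamps and IP randomization. The `rt` field in epoch milliseconds, the inclusive endpoints, the 198.18.0.0/15 replacement range, the function names and the sample events are assumptions made for this example.

```python
import ipaddress
import random
import re
from datetime import datetime, timedelta, timezone

HEADER_SPLIT = re.compile(r"(?<!\\)\|")  # header pipes, skipping escaped \|
# key=value pairs: a value runs until the next " key=" and may contain \= escapes
EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample events (not from the post, not CAKe output).
SAMPLE = [
    r"CEF:0|Acme|Firewall|1.0|100|Blocked \| denied|5|rt=1500000000000 src=10.1.2.3 dst=192.168.7.9 msg=drop from 10.1.2.3",
    r"CEF:0|Acme|Firewall|1.0|101|Accepted|3|rt=1500000001000 src=10.1.2.3 dst=172.16.0.4 msg=user\=bob allowed",
    r"CEF:0|Acme|Firewall|1.0|100|Blocked \| denied|5|rt=1500000002000 src=10.9.9.9 dst=192.168.7.9 msg=drop",
]

def parse_cef(line):
    """Return (7 header fields, ordered dict of extension fields)."""
    parts = HEADER_SPLIT.split(line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError(f"not a CEF event: {line!r}")
    return parts[:7], dict(EXT_PAIR.findall(parts[7]))

def rewrite(lines, start, end, seed=0):
    """Spread rt evenly over [start, end] and pseudonymize IPv4 addresses."""
    rng, ip_map, out = random.Random(seed), {}, []
    # Unique offsets inside 198.18.0.0/15 (benchmarking range): fakes never collide.
    pool = iter(rng.sample(range(1, 2**17 - 1), 2**17 - 2))
    step = (end - start) / max(len(lines) - 1, 1)

    def fake_ip(match):
        ip = match.group()
        try:
            ipaddress.IPv4Address(ip)  # leave non-addresses such as 999.1.1.1 alone
        except ValueError:
            return ip
        if ip not in ip_map:  # same real IP always maps to the same fake IP
            ip_map[ip] = str(ipaddress.IPv4Address("198.18.0.0") + next(pool))
        return ip_map[ip]

    for i, line in enumerate(lines):
        header, ext = parse_cef(line)
        ext = {k: IPV4.sub(fake_ip, v) for k, v in ext.items()}
        ext["rt"] = str(int((start + i * step).timestamp() * 1000))  # epoch ms
        out.append("|".join(header) + "|" + " ".join(f"{k}={v}" for k, v in ext.items()))
    return out

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    print("\n".join(rewrite(SAMPLE, t0, t0 + timedelta(hours=1))))
```

Mapping each real address to one stable replacement keeps correlation-rule tests meaningful after sanitization, since events from the same host still share a source.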
Absent Member.

Since my name is MacGyver, I'm going to have to give this a try this week!

Any new updates to keep in mind?  Thank you!

Admiral

Hi Paul,

This is the last version available. I know some people have been using it successfully but didn't get a lot of feedback to be honest so ... good luck with your testing 😉
